The US is losing ground as the leader of global cybersecurity legislation in the face of assertive EU privacy standards and China’s draconian vision for a state-controlled web.
The globalization of value chains, increased financial integration, rapid urbanization, and the ubiquity of the Internet of Things (IoT) have all accelerated worldwide economic growth over the past few decades. Unfortunately, the same developments have also significantly increased our vulnerability to external shocks and global crises. In most OECD (Organisation for Economic Co-operation and Development) countries, the digital economy has become the economy.
In an interconnected world, enterprises everywhere, from the smallest businesses to the largest, are vulnerable to cyber-attacks. Criminals deliver spam, cast phishing attacks, facilitate click fraud and launch distributed denial of service (DDoS) attacks with high precision. A thriving underground economy fuels the growth of innovative malware and incentivizes cyberattacks.
Cyber threats today go well beyond network security. They are asymmetric, continually evolving and becoming more sophisticated.
Within two decades, the share of the global population with access to the Internet has grown drastically, from only 4% to 40%. In 2017, there were 8.4 billion connected smart devices, and the number is set to grow to 20.4 billion by 2020. At the same time, the global market for cybersecurity is estimated to grow by nearly 15% annually to over $1 trillion by 2021.
China began working closely with the EU over cybersecurity in 2014, a move analysts say is aimed at boosting capabilities at home and easing fears abroad of a "China threat".
"Cybersecurity is a concern shared by both parties. More co-operation in this field will also help soothe European concerns about the so-called China threat," said Zhao Junjie, a European studies specialist at the Chinese Academy of Social Sciences. "It's time for China and the EU to deepen their relationship, to make it more stable and sustainable. More practical co-operation on big projects would help."
A number of sources have reported on the extensive and increasing ransomware threat. India leads the world in the share of users (9.6%) who have suffered a ransomware attack. The US is the tenth worst country for ransomware attacks (1.41%). In addition to having the highest rate of malware infections, China is home to 29.56% of the world’s DDoS (distributed denial of service) attacks.
The increasing number of cyber espionage cases in the US, which accounts for the highest global share of such attacks at 56%, has heightened the need for the US to set up an independent Department of Cybersecurity to combat threats. Currently, its capabilities are distributed across so many different parts of the government that they are overwhelmed by bureaucracy, inefficiency and dilution of talent. However, the idea has been rejected on account of budget losses and redistribution of personnel.
On the other hand, Germany recognizes “cyber security” as one of the most central challenges. As such, it spends considerable time discussing the importance of leveraging domestic resources, such as the National Cyber Response Centre and the National Cyber Security Council, to protect German users.
The EU’s General Data Protection Regulation (GDPR) took effect in May 2018. It covers how companies store your data and requires them to alert authorities within 72 hours of a breach. If companies don't comply, they can be fined 4% of their revenue or 20 million euros. In Europe, authorities are more skeptical of companies than of governments. The US, by contrast, remains skeptical of its own administration, which leads to weak regulation and deterrence.
US government agencies were ordered to implement Domain-based Message Authentication, Reporting and Conformance (DMARC), which prevents cybercriminals from spoofing email domains, a tactic often used in phishing campaigns. However, only 1 out of 26 White House email domains uses it. Email leaks and election manipulation cannot be prevented if existing security frameworks, however weak, are not implemented in the public and private spheres.
Information and communications technology (ICT) has been a central tenet of China’s latest policy goals. Not only has China established a number of departments, including the Cyberspace Administration of China (CAC), but it has also worked towards a dynamic framework to deal with foreign companies. The framework includes several top-level guiding documents and six major systems of concrete policy, each with its own bureaucracy and enforcement mechanisms. Moreover, the authorities have acknowledged the need for Hong Kong and Macau to formulate effective measures to protect the entirety of Chinese cyberspace.
There exists, however, a major point of contention in Chinese-US relations, as China’s cybersecurity law requires foreign companies to submit their products for government review, among other provisions. Trump’s administration imposed tariffs on imports worth $50 billion, the cost of China’s policy that forces US companies to transfer their technology to Chinese enterprises. The trade war began, not to deal with the trade deficit, but to counter technology transfer.
Our assessment is that a weak policy framework and weak implementation of cyber defence mechanisms in the US have reduced its capacity in global cyberspace. We believe that strengthened EU-China relations in the field of cybersecurity have further offset US domination in the field. We feel that governments and companies ought to enact concrete provisions to prevent internal and external threats, with adequate deterrent mechanisms like fines and judicial accountability.